Re: [Guidelines change] Changes to the packaging guidelines

[...]
The definition of "public" was intentionally vague, but perhaps we
could try to find a better way to say it. I was trying to treat it as
"network interfaces that accept connections from arbitrary sources".

I'm not sure that there's a tremendously meaningful
distinction to be
made between allowing services that listen on D-BUS or a local UNIX
socket and services that listen on the localhost TCP socket [...]

I'd personally prefer to assume the best intentions of our
packagers;
specifically I'd assume that if there's a question as to the safety of
starting something by default, either they'd bring it up voluntarily or
someone would do so on their behalf if a problem was discovered.

This is not about trusting the code or intentions of the packagers.
This is about what threat model are we expected to protect against by
not activating e.g. all services by default. Specifying that would
help clear up -why- the change, and that will in turn inform -how- to
change.
- FChE